• International Commerce and Information Review
• /
• v.9 no.3
• /
• pp.305-320
• /
• 2007

With expanded use of B2B(between enterprises), B2G(between enterprises and government) and EDI(Electronic Data Interchange), and increased amount of available network information and information protection threat, as it was judged that security can not be perfectly assured only with security technology such as electronic signature/authorization and access control, Bayesian networks have been developed for protection of information. Therefore, this study speculates Bayesian networks system, centering on ERP(Enterprise Resource Planning). The Bayesian networks system is one of the methods to resolve uncertainty in electronic data interchange and is applied to overcome uncertainty of abnormal invasion detection in ERP. Bayesian networks are applied to construct profiling for system call and network data, and simulate against abnormal invasion detection. The host-based abnormal invasion detection system in electronic trade analyses system call, applies Bayesian probability values, and constructs normal behavior profile to detect abnormal behaviors. This study assumes before and after of delivery behavior of the electronic document through Bayesian probability value and expresses before and after of the delivery behavior or events based on Bayesian networks. Therefore, profiling process using Bayesian networks can be applied for abnormal invasion detection based on host and network. In respect to transmission and reception of electronic documents, we need further studies on standards that classify abnormal invasion of various patterns in ERP and evaluate them by Bayesian probability values, and on classification of B2B invasion pattern genealogy to effectively detect deformed abnormal invasion patterns.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.8
• /
• pp.641-653
• /
• 2013

Recent cyber attacks targeting control systems are getting sophisticated and intelligent notoriously. As the existing signature based detection techniques faced with their limitations, a whitelist model with security techniques is getting attention again. However, techniques that are being developed in a whitelist model used at the application level narrowly and cannot provide specific information about anomalism of various cases. In this paper, we classify abnormal cases that can occur in control systems of enterprises and propose a new whitelist model for detecting abnormal cases.

• International Journal of Safety
• /
• v.11 no.1
• /
• pp.26-32
• /
• 2012

This paper introduces a feasibility evaluation method for prognosis systems based on an empirical model in nuclear power plants. By exploiting the dynamical signature characterized by abnormal phenomena, the prognosis technique can be applied to detect the plant abnormal states prior to an unexpected plant trip. Early $operator^{\circ}{\emptyset}s$ awareness can extend available time for operation action; therefore, unexpected plant trip and time-consuming maintenance can be reduced. For the practical application in nuclear power plant, it is important not only to enhance the advantages of prognosis systems, but also to quantify the negative impact in prognosis, e.g., uncertainty. In order to apply these prognosis systems to real nuclear power plants, it is necessary to conduct a feasibility evaluation; the evaluation consists of 4 steps (: the development of an evaluation method, the development of selection criteria for the abnormal state, acquisition and signal processing, and an evaluation experiment). In this paper, we introduce the feasibility evaluation method and propose further study points for applying prognosis systems from KHNP's experiences in testing some prognosis technologies available in the market.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1027-1037
• /
• 2019

Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis so that have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, ie, techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.

• Journal of Power System Engineering
• /
• v.17 no.4
• /
• pp.17-22
• /
• 2013

Diesel generator of nuclear power plant has a role for supply of emergency electric power to protect reactor core system in event of loss of off-site power supply. Therefore diesel generator should be tested periodically to verify the function that can supply specified frequency and voltage at design power level within limited time. For this purpose, appropriate maintenances in case that abnormal conditions were found are required in allowed time. In this paper, results of development of engine condition diagnosis technology and study on power plant of its technology for diesel generator are described.

• The Korean Journal of Pain
• /
• v.29 no.4
• /
• pp.217-228
• /
• 2016

The musculoskeletal system is mainly composed of the bones, muscles, tendons, and ligaments, in addition to nerves and blood vessels. The greatest difficulty in an ultrasonographic freeze-frame created by the examiner is recognition of the targeted structures without indicators, since an elephant's trunk may not be easily distinguished from its leg. It is not difficult to find descriptive ultrasonographic terms used for educational purposes, which help in distinguishing features of these structures either in a normal or abnormal anatomic condition. However, the terms sometimes create confusion when describing common objects, for example, in Western countries, pears have a triangular shape, but in Asia they are round. Skilled experts in musculoskeletal ultrasound have tried to express certain distinguishing features of anatomic landmarks using terms taken from everyday objects which may be reminiscent of that particular feature. This pictorial review introduces known signature patterns of distinguishing features in musculoskeletal ultrasound in a normal or abnormal condition, and may stir the beginners' interest to play a treasure-hunt game among unfamiliar images within a boundless ocean.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1027-1041
• /
• 2015

Recently, there are rapidly increasing cases of APT (Advanced Persistent Threat) attacks such as Verizon(2010), Nonghyup(2011), SK Communications(2011), and 3.20 Cyber Terror(2013), which cause leak of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies were studied to defend the APT attacks, mostly focusing on detection of obvious anomalies based on known malicious codes' signature. However, they are limited in detecting APT attacks and suffering from high false-negative detection accuracy because APT attacks consistently use zero-day vulnerabilities and have long latent period. Detecting APT attacks requires long-term analysis of data from a diverse set of sources collected over the long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' real-time processing and analysis limitation.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.07a
• /
• pp.281-282
• /
• 2016

본 논문에서는 IoT 디바이스를 안전하게 관리하고 인가되지 않은 접근과 같은 위협에 대응할 수 있는 보안 메커니즘을 제안한다. 이 메커니즘은 IoT 디바이스의 시스템 특징 및 네트워크 특징을 조합하여 개별적인 시그니처를 생성하고 이를 네트워크에서 지속적이고 주기적으로 검사를 수행함으로써 허가되지 않은 디바이스의 접근을 근본적으로 차단하는 방안이다. 본 논문에서는 제안한 메커니즘을 확인하기 위해 실험망을 구성하여 정상 IoT 디바이스와 비정상 IoT 디바이스를 정책적으로 구별하여 차단하여 보안 메커니즘의 우수함을 보인다.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.53-58
• /
• 2014

MANET can quickly build a network because it is configured with only the mobile node and it is very popular today due to its various application range. However, MANET should solve vulnerable security problem that dynamic topology, limited resources of each nodes, and wireless communication by the frequent movement of nodes have. In this paper, we propose a domain-based distributed cooperative intrusion detection techniques that can perform accurate intrusion detection by reducing overhead. In the proposed intrusion detection techniques, the local detection and global detection is performed after network is divided into certain size. The local detection performs on all the nodes to detect abnormal behavior of the nodes and the global detection performs signature-based attack detection on gateway node. Signature DB managed by the gateway node accomplishes periodic update by configuring neighboring gateway node and honeynet and maintains the reliability of nodes in the domain by the trust management module. The excellent performance is confirmed through comparative experiments of a multi-layer cluster technique and proposed technique in order to confirm intrusion detection performance of the proposed technique.